/**
 * Copyright 2014 the original author or authors. All rights reserved.
 */
package com.visionet.security.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * 
 *
 * @author suxiaojing
 * @date 
 * @since 0.0.1
 */
public class StatelessAuthenticationFilter extends AuthenticatingFilter {
	
	private final Logger logger = LoggerFactory.getLogger(getClass());

	/* (non-Javadoc)
	 * @see org.apache.shiro.web.filter.authc.AuthenticatingFilter#createToken(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
	 */
	@Override
	protected AuthenticationToken createToken(ServletRequest request, ServletResponse response)
			throws Exception {
		// TODO Auto-generated method stub
		logger.info ("StatelessAuthenticationFilter createToken");
		return null;
	}

	/* (non-Javadoc)
	 * @see org.apache.shiro.web.filter.AccessControlFilter#onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
	 */
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
			throws Exception {
		// TODO Auto-generated method stub
		logger.info ("StatelessAuthenticationFilter onAccessDenied");
		return false;
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * org.apache.shiro.web.filter.authc.AuthenticatingFilter#createToken(javax
	 * .servlet.ServletRequest, javax.servlet.ServletResponse)
	 */
//	@Override
//	protected AuthenticationToken createToken(ServletRequest request, ServletResponse response)
//			throws Exception {
//		HttpServletRequest req = WebUtils.toHttp(request);
//		PropertiesLoader propertiesLoader = new PropertiesLoader();
//		return new StatelessToken(req.getHeader(SecurityHeader.TOKEN), propertiesLoader.getValue("security.stateless.key"));
//	}


	/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * org.apache.shiro.web.filter.AccessControlFilter#onAccessDenied(javax.
	 * servlet.ServletRequest, javax.servlet.ServletResponse)
	 */
//	@Override
//	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
//		if (isStatelessRequest(request)) {
//			StatelessToken token = (StatelessToken) createToken(request, response);
//			if (isTokenExpired(token)) {
//				logger.trace("Attempting to access a path with token, but token has been expired [{}]",token.getExpireDate());
//				Message<?> message = new Message<>(SecurityMessageCode.CREDENTIAL_EXPIRED);
//				WebUtils.writeJsonResponse(message, WebUtils.toHttp(response));
//				return false;
//			}else{
//				logger.trace("Token validation passed, go login.");
//				Subject subject = getSubject(request, response);
//	            subject.login(token);
//	            return true;
//			}
//		}else{
//			Message<?> message = new Message<>(SecurityMessageCode.UNAUTHORIZED);
//			WebUtils.writeJsonResponse(message, WebUtils.toHttp(response));
//			return false;
//		}
//	}
//
//	protected boolean isStatelessRequest(ServletRequest request) {
//		return StringUtils.isNotEmpty(WebUtils.toHttp(request).getHeader(SecurityHeader.TOKEN));
//	}
//
//	protected boolean isTokenExpired(StatelessToken token) {
//		Long currentTime = System.currentTimeMillis();
//		if (currentTime.compareTo(currentTime) > 0) {
//			return true;
//		}
//		return false;
//	}

}
